Severity: Unknown
Affected Package: bhyve
Summary: bhyve VirtIO device models memory corruption on descriptor fetch errors
Certain VirtIO-based device models failed to handle errors when fetching I/O descriptors. Such errors could be triggered by a malicious guest, causing the device model code to operate on uninitialized I/O vectors and leading to memory corruption, which could crash the bhyve process or potentially achieve arbitrary code execution in the host.
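The bug class described above, sketched as an added example (not bhyve source code): a descriptor fetch that can fail, and a handler that checks the result before touching the I/O vectors. The names `fetch_chain`, `handle_request`, `struct desc` and the 64-byte guest memory are hypothetical.

```c
#include <stddef.h>
#include <string.h>
#include <sys/uio.h>

#define MAXSEG 4
#define GUEST_MEM_SIZE 64

/* Constructed guest memory and descriptor layout (hypothetical, not bhyve's). */
struct desc { size_t addr; size_t len; };
static unsigned char guest_mem[GUEST_MEM_SIZE];

/* Translate a guest-supplied descriptor chain into host iovecs.
 * Returns the segment count, or -1 if the chain is invalid.
 * On error, iov[] is left partly or wholly unwritten. */
static int fetch_chain(const struct desc *d, int n, struct iovec *iov)
{
    if (n < 1 || n > MAXSEG)
        return -1;
    for (int i = 0; i < n; i++) {
        if (d[i].addr > GUEST_MEM_SIZE || d[i].len > GUEST_MEM_SIZE - d[i].addr)
            return -1;
        iov[i].iov_base = guest_mem + d[i].addr;
        iov[i].iov_len = d[i].len;
    }
    return n;
}

/* Hardened handler: checks the fetch result before reading iov[].
 * The flawed pattern ignores the return value and goes on to use iov[],
 * which after a failed fetch holds uninitialized stack contents. */
static int handle_request(const struct desc *d, int n, unsigned char fill)
{
    struct iovec iov[MAXSEG];
    int segs = fetch_chain(d, n, iov);

    if (segs < 0)
        return -1;              /* reject the request; iov[] is never read */
    for (int i = 0; i < segs; i++)
        memset(iov[i].iov_base, fill, iov[i].iov_len);
    return segs;
}

int main(void)
{
    struct desc bad[] = { { 60, 16 } };   /* constructed: runs past guest memory */
    return handle_request(bad, 1, 0xFF) == -1 ? 0 : 1;
}
```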
No specific recommendations provided.
Aliases: CVE-2021-29631
Published: August 24, 2021
Last Modified: August 24, 2021